What is Intrinsic?

Intrinsic is an application runtime security technology for Node.js

“Intrinsic gave us the security technologies we needed to be comfortable using serverless architectures.”

Ben Kus

VP of Product Management, Box

Today's security solutions don't match today's threats

Securing your own code is hard—even worse, the vast majority of an average modern Node.js application is made up of untrusted open source code that unsafely interacts with your sensitive resources. Other security tools can't fully protect against malicious or buggy third-party code. They depend on pattern matching and heuristics which don't protect against the next generation of attack vectors.

A smarter way to secure your Node.js applications

Intrinsic allows you to run all code, even malicious code, safely. Intrinsic is an application runtime security technology which limits your application's privileges to exactly what is needed and nothing more. This enables you to reduce the attack surface of your application to exactly the bare minimum needed, protecting you from malicious code and zero-day attacks.

Compatible with legacy applications

We don't phone home

How it works

Unlike most runtime security solutions, which try to defend against application-level attacks by analyzing or monitoring behavior, Intrinsic protects against attacks by enforcing that your Node.js code only executes as expected.

Intrinsic is a new virtualization technology that lives in the Node.js language runtime. It blocks all privileged operations that are not whitelisted by your security policies.